On 4/24/2011 12:45 PM, A.Dura wrote:> Hi,
>
> we are using samba with ldap for our pdc.
>
> And i was told by another admin, that when you use a windows server,
> you can only get the "Domain Users" and "Domain Admins"
groups from
> the samba/ldap pdc.
>
> So i tried to add a group, which i know exists on the server, to my
> windows server, but windows couldn't find it.
>
> Is there a way to make other groups then "domain users" and
"domain
> admins" usable under windows?
>
> Regards,
> adura
>
Which version of Samba are you using? I was able to get quite a few
groups out of LDAP from samba4, but I had to add these entries to my
ldap.conf:
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
I also needed to add GID and a password value into the sam.ldb entries
that I wanted to flow.
In the end I found that some groups hung (not sure why) and the setup
caused problems when I installed software (because groupadd doesn't work
right). So I turned off getting groups from ldap. I am getting my
users from ldap and this works well (except I can't get ssl to work).
If you are using Samba3 there are lots of guides on how to do it...